Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,904
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,341 - 13,360 of 14,373 CVEs
CVE-2026-23955 MEDIUM - 4.2

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be used...

Vendor: EVerest
Product: everest-core
Published: Jan 21, 2026
Source: NVD
CVE-2025-68140 MEDIUM - 4.3

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message su...

Vendor: EVerest
Product: everest-core
Published: Jan 21, 2026
Source: NVD
CVE-2025-68139 MEDIUM - 4.3

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the ...

Vendor: EVerest
Product: everest-core
Published: Jan 21, 2026
Source: NVD
CVE-2025-68138 MEDIUM - 4.7

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentiall...

Vendor: EVerest
Product: everest-core
Published: Jan 21, 2026
Source: NVD
CVE-2025-68135 MEDIUM - 6.5

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and ISO15118-20 servers. Ver...

Vendor: EVerest
Product: everest-core
Published: Jan 21, 2026
Source: NVD
CVE-2021-47860 MEDIUM - 5.3

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code o...

Vendor: GetSimple CMS
Product: Custom JS Plugin
Published: Jan 21, 2026
Source: NVD
CVE-2021-47849 MEDIUM - 6.2

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.

Vendor: Yodinfo
Product: Mini Mouse
Published: Jan 21, 2026
Source: NVD
CVE-2021-47817 MEDIUM - 5.4

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execu...

Vendor: OpenEMR Foundation, Inc.
Product: OpenEMR
Published: Jan 21, 2026
Source: NVD
CVE-2026-20109 MEDIUM - 4.8

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-b...

Vendor: Cisco
Product: Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Enterprise
Published: Jan 21, 2026
Source: NVD
CVE-2026-20092 MEDIUM - 6.0

A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration file...

Vendor: Cisco
Product: Cisco Intersight Virtual Appliance
Published: Jan 21, 2026
Source: NVD
CVE-2026-20080 MEDIUM - 5.3

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit th...

Vendor: Cisco
Product: Cisco Ultra-Reliable Wireless Backhaul
Published: Jan 21, 2026
Source: NVD
CVE-2026-20055 MEDIUM - 4.8

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-b...

Vendor: Cisco
Product: Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Enterprise
Published: Jan 21, 2026
Source: NVD
CVE-2025-57681 MEDIUM - 5.4

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. The vulnerability is exploited via a specially crafted payloa...

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2026-23946 MEDIUM - 6.8

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vulnerability allows Remote Code Execution (RCE) ...

Vendor: pip
Product: tendenci
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23992 MEDIUM - 5.9

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to unautho...

Vendor: go
Product: github.com/theupdateframework/go-tuf/v2
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23991 MEDIUM - 5.9

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of ...

Vendor: go
Product: github.com/theupdateframework/go-tuf/v2
Published: Jan 21, 2026
Source: GitHub

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the `CustomerTransformerController` within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading ...

Vendor: composer
Product: coreshop/core-shop
Published: Jan 21, 2026
Source: GitHub

The extension extends TYPO3โ€™ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core versio...

Vendor: composer
Product: cpsit/typo3-mailqueue
Published: Jan 21, 2026
Source: GitHub
CVE-2025-14559 MEDIUM - 6.5

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privil...

Vendor: maven
Product: org.keycloak:keycloak-services
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23952 MEDIUM - 6.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS at...

Vendor: nuget
Product: Magick.NET-Q8-x64
Published: Jan 21, 2026
Source: GitHub